Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- STMicroelectronics Community
- STM32 MCUs
- STM32 MCUs Security
- Re: SBSFU not detecting Active Slot Image
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SBSFU not detecting Active Slot Image
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-11-12 06:20 AM
I'm working on integrating the latest SBSFU (v2.6.2) onto an STM32L4A6 platform. I've reviewed both the user manual and application note for the SBSFU, as well as the examples provided.
In my use case:
- I have an external attached MMC flash
- I'm not planning to use the internal MCU flash dual-bank capability (so I can have an image larger than half the 1MB flash size)
- I don't need rollback/swap capability
- For OTA updates, my user application will download the encrypted image to a location in the external MMC flash. The SBSFU on boot will check for a valid image in that location, and if so, it will copy it to the MCU flash active slot.
I was able to get the B-L475E-IOT01A 2_Images_ExtFlash example to boot and run on my board, and it executes the UserApp.
For porting the SBSFU to integrate with my custom UserApp I have:
- Started from the B-L475E-IOT01A 2_Images_ExtFlash example because it seemed like the closest for what I needed.
- Replaced the example QSPI driver with an MMC flash driver
- Modified the various linker files how I think they should be modified based on the user manual/app note.
- Temporarily disabled all security protections in the SBSFU and enabled verbose debugging
- The example I started from with external flash was putting the FIREWALL NVDATA section in the middle of the MCU flash (0x8080000) as if we were using dual-bank internal flash, so I changed that by referencing the NUCLEO-L432KC 1_Image example which uses the Firewall but places the NVDATA section at the start of the first active slot (0x8020000).
- I'm able to build the SECoreBin, SBSFU, and custom UserApp successfuly.
- When I try to use STMCubeProgrammer to flash the resulting combined binary in to the MCU, it loads but it fails to detect a valid image in Active Slot 1 (the master slot), and then it erases that slot because no valid image was found.
- I'm having trouble figuring out why it's not seeing a valid image in that location, since it should be part of the combined binary produced by the SBSFU scripts.
- I've added some trace statements to the when SFU_IMG_DetectFW() is called and more specifically for the SFU_LL_FLASH_INT_Read() function.
- I can see that when it's searching inside the header region, the se_status returns SE_KO, and the se_ret_status returns SE_ERROR, but I'm not sure how to troubleshoot this further.
- Here's a console output from some trace logging I've added in this region:
SFU_IMG_DetectFW -> slot 1
SFU_LL_FLASH_Read internal
Looking in header
pSource: 0x0x8020000, Length: 320 -> pdest: 0x0x20017e78
DoubleECC_Error_Counter: 0
se_status: 1245757
se_ret_status: 100249
SFU_IMG_DetectFW -> slot 1
SFU_LL_FLASH_Read internal
Looking in header
pSource: 0x0x8020000, Length: 320 -> pdest: 0x0x20017e78
DoubleECC_Error_Counter: 0
se_status: 1245757
se_ret_status: 100249
Slot SLOT_ACTIVE_1 not empty : erasing ...
Trying to figure out what my next steps should be to determine why the SBSFU is not finding a valid image in active slot 1.
Thanks!
Labels:
- Labels:
-
SBSFU
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-11-13 05:11 AM
Hello @jmcoreymv ,
I don't fully catch what you have done with NVDATA of firewall.
Just be aware that there is a firewall limitation that you can check in errata sheet that impacts the possible mapping solutions.
In any case, my advice will be to debug the modified SBSFU and try to understand what happens.
You can always add SECoreBin symbols to debug inside SECoreBin. Just make sure to disable firewall and once you make it work, re-enable firewall to see if you don't fall in the limitation.
Best regards
Jocelyn
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-11-13 02:55 PM
I'm going to work a bit more on trying to load the SECoreBin symbols to debug that further. Currently all SBSFU protections are disabled.
Regarding the firewall limitation, could you help me understand this better for my use-case? I have the STM32L4A6, but I don't want to use the dual-bank capability since it will limit my potential image size to a bit under half of the 1MB flash. Instead I'm using the external MMC flash as my download slot, and giving up swap/rollback capabilities.
Is this still possible to do? So firewall would be enabled, code and NV data would be protected, but I don't want to place NVDATA in the middle of the MCU flash because that would prevent me from supporting larger images. Is my understanding correct?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-11-14 10:03 AM
Hello @jmcoreymv ,
the X-CUBE-SBSFU does not use the dual bank capability for update. I mean, the update does not happen using a bank swapping. Update mechanism uses a sector swapping mechanism using a spare sector for robustness in case of reset during the swapping.
The usage of NVData on second bank is used to protect the content of firewall on first bank. Reason is that firewall content moves with bank swapping. So, if you don't have this NVData area on second bank, the firewall content can be exposed. If you remove this, you introduce a weakness. Now, to exploit such weakness an attacker would need to be able to inject code on your target, which is not that easy.
This constraint is described in AN5056 Rev8 Chapter 3.2.2
The risk is to leak the authentication public key and the encryption key.
Authentication public key does not provide any information. Encryption key allows decrypting content of the firmware. So, if attacker manages to inject code, firmware content (outside firewall) has already leaked...
So, risk could be related to what you add inside firewall. Up to you to evaluate the global risk.
Best regards
Jocelyn
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-11-14 10:16 AM
Thanks you again for the response.
the X-CUBE-SBSFU does not use the dual bank capability for update. I mean, the update does not happen using a bank swapping. Update mechanism uses a sector swapping mechanism using a spare sector for robustness in case of reset during the swapping.
This makes sense to me. However in my use-case, I don't think sector swapping is used either from my understanding. "app_sfu.h" contains the "#define SFU_NO_SWAP".
The usage of NVData on second bank is used to protect the content of firewall on first bank. Reason is that firewall content moves with bank swapping. So, if you don't have this NVData area on second bank, the firewall content can be exposed. If you remove this, you introduce a weakness. Now, to exploit such weakness an attacker would need to be able to inject code on your target, which is not that easy.
This constraint is described in AN5056 Rev8 Chapter 3.2.2
The risk is to leak the authentication public key and the encryption key.
Authentication public key does not provide any information. Encryption key allows decrypting content of the firmware. So, if attacker manages to inject code, firmware content (outside firewall) has already leaked...
I believe I understand this better now, thank you for the detailed explanation. so I can evaluate the risk for this. However, the main thing I'm still stuck trying to understand is the following:
In my use-case, I will not be doing bank-swapping at all. Is it possible to just have the firewall protect the area in bank1 and not bank2 at all? So my UserApp image can span across part of bank 1 and 2? Or is there no way to include firewall protection and having UserApp images larger than half the flash?
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-11-15 01:40 AM
Hello @jmcoreymv
Yes you are not supposed to do bank swapping in such context.
" Is it possible to just have the firewall protect the area in bank1 and not bank2 at all?"
The firewall is an internal isolation. Inside firewall you will find keys and crypto algorithm that are used by the SBSFU to authenticate the firmware.
So, you just need to move the NVDATA part of the firewall to leave maximum space for your application.
Best regards
Jocelyn
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-11-15 01:14 PM
Thank you for confirming/clarifying. I'm back to my original issue, but this time I'm just using the B-L475E-IOT01A 2_Images_ExtFlash example with minimal modifications to port from the STM32L475 to the STM32L4A6. I put in some dummy responses to the QSPI external flash functions so they succeed (except the compare).
I've changed the number of active slots to 1, and number of download slots to 1 and disabled all protections.
If I leave the linker files as-is, I'm able to successfully boot the modified example SBSFU+UserApp on my board. I'm trying to modify the the mapping_fwimg.ld file to the single slot for my use-case, but struggling to get it correct.
Here's the modifications I've made to the file (original values are commented out):
__ICFEDIT_SLOT_Active_1_start__ = 0x08020000;
__ICFEDIT_SLOT_Active_1_header__ = 0x08020000;
__ICFEDIT_SLOT_Active_1_end__ = 0x080FE7FF; /* Skip the last 3 flash sectors, used for other purposes */
__ICFEDIT_SLOT_Active_1_len__ = __ICFEDIT_SLOT_Active_1_end__ - __ICFEDIT_SLOT_Active_1_start__ + 1;
/* Original Example
REMOVE__ICFEDIT_SLOT_Active_1_header__ = 0x08089E00;
REMOVE__ICFEDIT_SLOT_Active_1_start__ = 0x0808A000;
REMOVE__ICFEDIT_SLOT_Active_1_end__ = 0x080FFFFF;
*/
/* Dwl slot #1 (472 kbytes) */
__ICFEDIT_SLOT_Dwl_1_start__ = 0x90000000;
__ICFEDIT_SLOT_Dwl_1_end__ = __ICFEDIT_SLOT_Dwl_1_start__ + __ICFEDIT_SLOT_Active_1_len__ - 1;
/* Original Example
REMOVE__ICFEDIT_SLOT_Dwl_1_start__ = 0x90000000;
REMOVE__ICFEDIT_SLOT_Dwl_1_end__ = 0x90075FFF;
*/
With these changes, the SBSFU fails to detect the valid image in active slot 1:
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
INFO: A Reboot has been triggered by a Software reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
No resume required : TRAILER_HDR_TEST not valid!
Slot SLOT_ACTIVE_1 not empty : erasing ...
Are you able to help identify what I might be doing wrong here?
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-11-16 06:28 AM
I also tried shifting the original active slot 1 header and start addresses an additional 0x1000 to keep it in the same bank 2, and reduced the size of the download slot to match. It errored out the same way as above.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-11-20 06:58 AM
I wanted to follow up on this as I’m still struggling to figure out how to successfully modify the active slot location and use the full MCU flash space for an image.
Thanks!
Related Content
- SBSFU not detecting Active Slot Image in STM32 MCUs Security
- STM32U0 Attempting to reach RDP level 1, stuck at RDP level 0 with OPTVERR bit HIGH in STM32 MCUs Security
- stm32 GPIO input from mcp23017 interrupt in STM32 MCUs Products
- STM32H743 SDRAM issues with LTDC + DMA2D in STM32 MCUs Products
- Annoying glitch on Timer Output compare channel in STM32 MCUs Products